CVE-2018-1000152: Incorrect Authorization in Jenkins vSphere

Severity
6.3 MEDIUM (NVD)
EPSS
0.1%
top 81.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 5
Latest update: May 13

Description

An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (1 package)

NVD: jenkins/vsphere 2.16

🔴 Vulnerability Details (3)

OSV: Jenkins vSphere Plugin incorrect authorization vulnerability (2022-05-13)
GHSA: Jenkins vSphere Plugin incorrect authorization vulnerability (2022-05-13)
CVEList: CVE-2018-1000152: An improper authorization vulnerability exists in Jenkins vSphere Plugin 2 (2018-04-05)

📋 Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2018-03-26 (2018-03-26)